Trend Micro has released security updates to patch an actively exploited zero-day vulnerability, tracked as CVE-2023-41179, impacting endpoint security products, including Apex One, Apex One SaaS, and Worry-Free Business Security products.
According to the security firm the vulnerability has been exploited in attacks. The flaw is related to the products’ ability to uninstall third-party security software.
An attacker can trigger this vulnerability after it has logged into the product’s administrative console.
“An arbitrary code execution vulnerability has been identified in the Apex One SaaS, Biz, and VBBSS agents’ ability to uninstall third-party security products. To exploit this vulnerability, an attacker would need to be able to log into the product’s administrative console.” reads the advisory published by Trend Micro. Because an attacker would need to have stolen the product’s management console authentication information in advance, they would not be able to infiltrate the target network using this vulnerability alone.”
The vendor recommends customers update their installs to the latest version as soon as possible.
Trend Micro pointed out that the exploitation of this type of flaw typically requires an attacker to have access to the vulnerable device. To mitigate the risk of exploitation the company recommends allowing access only from trusted networks.
Trend Micro has not shared any information regarding the attacks exploiting this vulnerability.
The Japan CERT already published an alert regarding this vulnerability.
“Since the vulnerability is already being exploited in the wild, the users of the affected products are recommended to update the affected system to the latest version as soon as possible.” reads the alert.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Trend Micro Apex One)
Google addressed a Chrome's Password Manager bug that caused user credentials to disappear temporarily for…
The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS…
Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks.…
Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report…
A critical flaw in some versions of Docker Engine can be exploited to bypass authorization…
The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers…
This website uses cookies.